diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/AccessTokenConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/AccessTokenConfiguration.java index deeb9fd618..a3d9d8a70a 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/AccessTokenConfiguration.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/AccessTokenConfiguration.java @@ -22,6 +22,8 @@ import com.fasterxml.jackson.annotation.JsonCreator; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; +import java.util.ArrayList; +import java.util.List; import javax.validation.constraints.*; @@ -33,6 +35,8 @@ public class AccessTokenConfiguration { private String type; + private List audience = null; + private Long userAccessTokenExpiryInSeconds; private Long applicationAccessTokenExpiryInSeconds; private String bindingType = "None"; 
@@ -59,6 +63,32 @@ public void setType(String type) { /** **/ + public AccessTokenConfiguration audience(List audience) { + + this.audience = audience; + return this; + } + + @ApiModelProperty(example = "[\"http://idp.xyz.com\"]", value = "") + @JsonProperty("audience") + @Valid + public List getAudience() { + return audience; + } + public void setAudience(List audience) { + this.audience = audience; + } + + public AccessTokenConfiguration addAudienceItem(String audienceItem) { + if (this.audience == null) { + this.audience = new ArrayList<>(); + } + this.audience.add(audienceItem); + return this; + } + + /** + **/ public AccessTokenConfiguration userAccessTokenExpiryInSeconds(Long userAccessTokenExpiryInSeconds) { this.userAccessTokenExpiryInSeconds = userAccessTokenExpiryInSeconds; @@ -163,6 +193,7 @@ public boolean equals(java.lang.Object o) { } AccessTokenConfiguration accessTokenConfiguration = (AccessTokenConfiguration) o; return Objects.equals(this.type, accessTokenConfiguration.type) && + Objects.equals(this.audience, accessTokenConfiguration.audience) && Objects.equals(this.userAccessTokenExpiryInSeconds, accessTokenConfiguration.userAccessTokenExpiryInSeconds) && Objects.equals(this.applicationAccessTokenExpiryInSeconds, accessTokenConfiguration.applicationAccessTokenExpiryInSeconds) && Objects.equals(this.bindingType, accessTokenConfiguration.bindingType) && @@ -172,7 +203,7 @@ public boolean equals(java.lang.Object o) { @Override public int hashCode() { - return Objects.hash(type, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding); + return Objects.hash(type, audience, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding); } @Override 
@@ -182,6 +213,7 @@ public String toString() { sb.append("class AccessTokenConfiguration {\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); + sb.append(" audience: ").append(toIndentedString(audience)).append("\n"); sb.append(" userAccessTokenExpiryInSeconds: ").append(toIndentedString(userAccessTokenExpiryInSeconds)).append("\n"); sb.append(" applicationAccessTokenExpiryInSeconds: ").append(toIndentedString(applicationAccessTokenExpiryInSeconds)).append("\n"); sb.append(" bindingType: ").append(toIndentedString(bindingType)).append("\n"); diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java index 4515f431a7..73ad073469 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2019, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,6 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2; import org.apache.commons.collections.CollectionUtils; @@ -88,7 +89,7 @@ private void updateIdTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO, IdTo if (idToken != null) { setIfNotNull(idToken.getExpiryInSeconds(), consumerAppDTO::setIdTokenExpiryTime); - consumerAppDTO.setAudiences(Optional.ofNullable(idToken.getAudience()) + consumerAppDTO.setIdTokenAudiences(Optional.ofNullable(idToken.getAudience()) .map(audiences -> audiences.toArray(new String[0])) .orElse(new String[0]) ); @@ -131,6 +132,10 @@ private void updateAccessTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO, if (accessToken != null) { consumerAppDTO.setTokenType(accessToken.getType()); consumerAppDTO.setUserAccessTokenExpiryTime(accessToken.getUserAccessTokenExpiryInSeconds()); + consumerAppDTO.setAccessTokenAudiences(Optional.ofNullable(accessToken.getAudience()) + .map(audiences -> audiences.toArray(new String[0])) + .orElse(new String[0]) + ); consumerAppDTO.setApplicationAccessTokenExpiryTime(accessToken.getApplicationAccessTokenExpiryInSeconds()); consumerAppDTO.setTokenBindingType(accessToken.getBindingType()); if (accessToken.getRevokeTokensWhenIDPSessionTerminated() != null) { 
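Review bot: In updateAccessTokenConfiguration the new `setAccessTokenAudiences` call converts the model's `audience` with `audiences.toArray(new String[0])`, but the generated AccessTokenConfiguration declares `audience` as a raw `List`, so a request whose audience array contains a non-string element (a number or an object) reaches this line and fails with an `ArrayStoreException` instead of a validation error; the id-token branch above has the same exposure. A type check before the conversion would turn that into a proper 400, e.g. `if (audiences.stream().anyMatch(a -> !(a instanceof String))) throw buildBadRequestError("Access token audiences must be strings.");` — assuming `buildBadRequestError` is reachable from this class, which the hunk does not show. Note also that the legacy-audience rejection added in OAuthInboundFunctions is applied only in putOAuthInbound, so if application creation also flows through this function the access-token audiences would be persisted there regardless of the flag. updateAccessTokenConfiguration starts before this hunk and continues past it.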
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java index a4aad84987..57f6716d5c 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java 
@@ -1,18 +1,21 @@ /* - * Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2019, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ + package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2; import org.apache.commons.lang.StringUtils; @@ -24,6 +27,7 @@ import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.RefreshTokenConfiguration; import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; +import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder; import java.util.ArrayList; import java.util.Arrays; 
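Review bot: The new import pulls `OAuth2ServiceComponentHolder` from the `org.wso2.carbon.identity.oauth2.internal` package, so this REST-API component now depends on an internal holder of the oauth2 bundle rather than on a public service interface; unless that package is deliberately exported and treated as API, the dependency is fragile across oauth2 upgrades (the pom bump in this same commit appears to be what makes it resolvable) and it makes buildTokenConfiguration hard to unit-test without OSGi wiring. The same import is added in OAuthInboundFunctions. Reading the flag through the existing `ApplicationManagementServiceHolder`, or through a small package-private supplier, would keep the lookup in one place and let tests stub it.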
@@ -78,7 +82,7 @@ private OAuth2PKCEConfiguration buildPKCEConfiguration(OAuthConsumerAppDTO oAuth private AccessTokenConfiguration buildTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) { - return new AccessTokenConfiguration() + AccessTokenConfiguration accessTokenConfiguration = new AccessTokenConfiguration() .type(oAuthConsumerAppDTO.getTokenType()) .userAccessTokenExpiryInSeconds(oAuthConsumerAppDTO.getUserAccessTokenExpiryTime()) .applicationAccessTokenExpiryInSeconds(oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime()) @@ -86,6 +90,12 @@ private AccessTokenConfiguration buildTokenConfiguration(OAuthConsumerAppDTO oAu .revokeTokensWhenIDPSessionTerminated(oAuthConsumerAppDTO .isTokenRevocationWithIDPSessionTerminationEnabled()) .validateTokenBinding(oAuthConsumerAppDTO.isTokenBindingValidationEnabled()); + + if (!OAuth2ServiceComponentHolder.isLegacyAudienceEnabled()) { + accessTokenConfiguration.audience(getAccessTokenAudiences(oAuthConsumerAppDTO.getAccessTokenAudiences())); + } + + return accessTokenConfiguration; } private RefreshTokenConfiguration buildRefreshTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) { 
@@ -99,17 +109,18 @@ private IdTokenConfiguration buildIdTokenConfiguration(OAuthConsumerAppDTO oAuth return new IdTokenConfiguration() .expiryInSeconds(oAuthConsumerAppDTO.getIdTokenExpiryTime()) - .audience(getAudiences(oAuthConsumerAppDTO)) + .audience(getIdTokenAudiences(oAuthConsumerAppDTO.getIdTokenAudiences())) .encryption(buildIdTokenEncryptionConfiguration(oAuthConsumerAppDTO)); } - private List getAudiences(OAuthConsumerAppDTO oAuthConsumerAppDTO) { + private List getIdTokenAudiences(String[] audiences) { - if (oAuthConsumerAppDTO.getAudiences() == null) { - return Collections.emptyList(); - } else { - return Arrays.asList(oAuthConsumerAppDTO.getAudiences()); - } + return (audiences == null) ? Collections.emptyList() : Arrays.asList(audiences); + } + + private List getAccessTokenAudiences(String[] audiences) { + + return (audiences == null) ? Collections.emptyList() : Arrays.asList(audiences); } private IdTokenEncryptionConfiguration buildIdTokenEncryptionConfiguration(OAuthConsumerAppDTO appDTO) { diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthInboundFunctions.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthInboundFunctions.java index 27278b3bf4..c41930753e 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthInboundFunctions.java 
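Review bot: `getIdTokenAudiences` and `getAccessTokenAudiences` are byte-for-byte identical `String[]`-to-`List` conversions; one helper such as `private List<String> toAudienceList(String[] audiences)` called from both builders would remove the duplication and also replace the raw `List` return type both methods carry. Separately, `Arrays.asList` yields a fixed-size view backed by the DTO's array, so the generated model's `addAudienceItem` would throw `UnsupportedOperationException` on the returned configuration; `new ArrayList<>(Arrays.asList(audiences))` avoids that if the list is ever mutated downstream (`ArrayList` is already imported in this file).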
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthInboundFunctions.java @@ -36,6 +36,7 @@ import org.wso2.carbon.identity.oauth.IdentityOAuthClientException; import org.wso2.carbon.identity.oauth.common.OAuthConstants; import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; +import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder; import java.util.List; import java.util.UUID; @@ -89,6 +90,13 @@ public static InboundAuthenticationRequestConfig putOAuthInbound(ServiceProvider throw buildBadRequestError("Invalid ClientSecret provided for update."); } + if (OAuth2ServiceComponentHolder.isLegacyAudienceEnabled()) { + if (oidcConfigModel.getAccessToken().getAudience() != null) { + throw buildBadRequestError("Cannot set audiences for access token if legacy audiences " + + "are enabled."); + } + } + OAuthConsumerAppDTO appToUpdate = new ApiModelToOAuthConsumerApp().apply(application .getApplicationName(), oidcConfigModel); ApplicationManagementServiceHolder.getOAuthAdminService().updateConsumerApplication(appToUpdate); diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml index a4a43de4ee..acc1fbbfaf 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml 
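Review bot: The new legacy-audience guard in putOAuthInbound dereferences `oidcConfigModel.getAccessToken()` without a null check, while updateAccessTokenConfiguration in ApiModelToOAuthConsumerApp guards the same getter with `if (accessToken != null)`, so an update payload that omits the accessToken block would fail with a NullPointerException here whenever legacy audiences are enabled. Collapsing the two ifs and adding the check fixes it: `if (OAuth2ServiceComponentHolder.isLegacyAudienceEnabled() && oidcConfigModel.getAccessToken() != null && oidcConfigModel.getAccessToken().getAudience() != null) {`. If there is a corresponding create path (not visible in this diff), the same rejection presumably belongs there too, since ApiModelToOAuthConsumerApp copies the audiences unconditionally. putOAuthInbound starts before this hunk and continues past it.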
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml @@ -3079,6 +3079,12 @@ components: type: type: string example: JWT + audience: + type: array + example: + - 'http://idp.xyz.com' + items: + type: string userAccessTokenExpiryInSeconds: type: integer format: int64 diff --git a/pom.xml b/pom.xml index 6bea6b98e4..15e4eadbaf 100644 --- a/pom.xml +++ b/pom.xml @@ -604,7 +604,7 @@ 5.2.0 **/gen/**/* 1.4.4 - 6.11.51 + 6.11.90 5.11.16 1.9.4 findbugs-exclude-filter.xml
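Review bot: The new `audience` property in the AccessTokenConfiguration schema carries no `description`, so the generated API reference will not tell clients that the field is omitted from responses and rejected in update requests when the server runs in legacy-audience mode, which is the behaviour the OAuthConsumerAppToApiModel and OAuthInboundFunctions changes in this commit introduce. Add a `description:` to the property, e.g. `description: Audiences to be included in the access token. Accepted only when legacy audience handling is disabled on the server.`.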